root CA expired now machine authentication broken (please help)

Discussion in 'Wireless Networking' started by Chris T., Apr 30, 2009.

  1. Chris T.

    Chris T. Guest

    Recently the root CA for my domain expired on my Windows 2003 std
    certificate authority.

    I then right-clicked on the CA and clicked "renew CA certificate" with same
    key.

    Now none of my Wireless clients (all are Windows XP) are able to do machine
    authentication.

    Even if I hard wire the clients in and restart them so that they renew their
    certificates the machine will still not authenticate. Users, however, are
    able to authenticate to the wireless network just fine.

    I have a wireless network set up in a GPO for the whole domain and the
    configuration is set like this.

    SSID: Dnet
    network authentication: WPA
    data encryption: TKIP
    EAP type: PEAP
    authenticate as computer when computer information is available: is checked
    and computer authentication is set to: with user re-authentication

    under the settings tab I have:

    Validate server certificate: checked
    connect to these servers: then I list out my ISA servers
    do not prompt user to authorize new servers or trusted certification
    authorities: checked
    select authentication method: secured password EAP-MSCHAP v2
    enable fast reconnect: checked

    Does anyone have advice on what I should try next?
     
    Chris T., Apr 30, 2009
    #1

  2. Assume you use IAS, any errors in the Event Viewer?

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
     
    Bob Lin (MS-MVP), Apr 30, 2009
    #2

  3. Chris T.

    Chris T. Guest

    Yes, I am using IAS.

    What is strange is that I do not see any failed events in the system log for
    IAS for workstation whi-02881.

    I see this message under Security:

    Event ID 680
    logon attempt by: microsoft_authentication_package_v1_0
    logon account: host/whi-02881.domain.com
    source workstation:
    error code: 0xc0000064
     
    Chris T., Apr 30, 2009
    #3
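
Added example, not part of the thread: a Python triage of Security-log event 680 text in the layout quoted in post #3, decoding the NTSTATUS value (0xC0000064 is STATUS_NO_SUCH_USER) and separating machine accounts from user accounts. The function names, the `host/` or trailing `$` heuristic for machine accounts, and the second and third sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS values that commonly appear in the "error code" field of event 680.
NTSTATUS = {0x00000000: "STATUS_SUCCESS", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}
# [ \t]* rather than \s* so an empty field cannot swallow the following line.
FIELD = re.compile(
    r"^[ \t]*(logon account|source workstation|error code)[ \t]*:[ \t]*(.*)$", re.I | re.M)

# First event uses the values quoted in post #3; the other two are constructed.
SAMPLE = """\
Event ID 680
logon attempt by: microsoft_authentication_package_v1_0
logon account: host/whi-02881.domain.com
source workstation:

error code: 0xc0000064
Event ID 680
logon account: jdoe
source workstation: WHI-02881
error code: 0x0
Event ID 680
logon account: WHI-00001$
source workstation: WHI-00001
error code: 0xC000006A
"""

def parse_680(text):
    """Return one dict per 'Event ID 680' block found in exported log text."""
    events = []
    for chunk in re.split(r"(?im)^[ \t]*Event ID[ \t]+680[ \t]*$", text)[1:]:
        f = {k.lower(): v.strip() for k, v in FIELD.findall(chunk)}
        code = int(f.get("error code") or "0x0", 16)
        acct = f.get("logon account", "")
        events.append({"account": acct, "code": code,
                       "workstation": f.get("source workstation", ""),
                       "status": NTSTATUS.get(code, "UNKNOWN_0x%08X" % code),
                       "machine": acct.lower().startswith("host/") or acct.endswith("$")})
    return events

def failed_machine_logons(events):
    """Count non-success results per (machine account, status)."""
    return Counter((e["account"], e["status"])
                   for e in events if e["machine"] and e["code"] != 0)
```
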